CVE-2004-2466

Easy Chat Server 1.2 and 2.2 - Denial of Service via Long Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2004-2466. PoCs published by superkojiman, Metasploit, NetJackal, including Metasploit module exploits/windows/http/efs_easychatserver_username.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in Easy Chat Server 3.1 by sending a maliciously crafted HTTP GET request with an overly long username parameter. It leverages SEH overwriting and shellcode execution to spawn calc.exe as a proof of concept.

Description

chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.

Exploits (5)

exploitdb WORKING POC VERIFIED
by superkojiman · pythonremotewindows
https://www.exploit-db.com/exploits/33326

This exploit targets a stack buffer overflow in Easy Chat Server 3.1 by sending a maliciously crafted HTTP GET request with an overly long username parameter. It leverages SEH overwriting and shellcode execution to spawn calc.exe as a proof of concept.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Easy Chat Server 3.1
No auth needed
Prerequisites: Easy Chat Server 3.1 installed at 'C:\Program Files\EFS Software\Easy Chat Server' · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16772

This is a Metasploit module exploiting a stack buffer overflow in EFS Easy Chat Server via an overly long username parameter in an authentication request. It leverages SEH overwrite to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EFS Easy Chat Server 2.2
No auth needed
Prerequisites: Network access to the target server · Target running EFS Easy Chat Server 2.2
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by NetJackal · phpdoswindows
https://www.exploit-db.com/exploits/4289

This exploit targets a denial-of-service (DoS) vulnerability in Easy Chat Server 2.2 by sending an HTTP GET request with overly long 'username' and 'password' parameters, causing the server to crash. The exploit leverages a buffer overflow in the login page input validation.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Easy Chat Server 2.2
No auth needed
Prerequisites: Network access to the target server · Easy Chat Server 2.2 running with the web interface enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by r00tpgp · pythonremotewindows
https://www.exploit-db.com/exploits/50999

This exploit targets a stack-based buffer overflow in Easy Chat Server 3.1 via a crafted HTTP GET request, leveraging SEH overwrite to execute reverse meterpreter shellcode. The payload is generated using msfvenom and bypasses bad characters.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Easy Chat Server 3.1
No auth needed
Prerequisites: Network access to the target server · Python 3 environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/efs_easychatserver_username.rb

This Metasploit module exploits a stack buffer overflow in EFS Easy Chat Server by sending an overly long authentication request, allowing arbitrary code execution. It uses SEH overwrites and targets specific versions (2.0 to 3.1) with known return addresses in SSLEAY32.dll.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: EFS Easy Chat Server 2.0 to 3.1
No auth needed
Prerequisites: Network access to the target server · Target running vulnerable version of EFS Easy Chat Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36013
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16629
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25328
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67384
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/58427
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33326
Exploit, Vendor Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0077.html
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12006
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2901
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26461
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4289
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/7416
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-07/0013.html

Scores

EPSS 0.7470
EPSS Percentile 99.4%

Details

CWE
CWE-119
Status published
Products (2)
efs_software/easy_chat_server 1.2
efs_software/easy_chat_server 2.2
Published Dec 31, 2004
Tracked Since Feb 18, 2026